9307411

Partially Virtualizing PCR Banks In Mobile TPM

Published: April 5, 2016
Assignee: not available in USPTO data we have

Patent Claims
18 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method comprising: triggering, with a trusted application of a mobile device from a number of trusted applications, an attestation of the trusted application with a trusted platform module of the mobile device, wherein the number of trusted applications permitted to trigger attestation is restricted to a predefined maximum number; in response to the triggering, defining, by the mobile device, information comprising a value of a dynamic virtualized platform configuration register, where the platform configuration register comprises an aggregate of late-launched measurements from the trusted application and at least one other trusted application, where the aggregate of the measurements from the trusted application and the at least one other trusted application is in a successive order of measurement in the platform configuration register, and where the value of the platform configuration register depends on measurements in the aggregate of measurements of the trusted application triggering the attestation; and using the information comprising the value of the dynamic virtualized platform configuration register to perform the attestation and execute the trusted application.

2. The method of claim 1, further comprising binding the trusted application to the trusted platform module of the mobile device based on at least the value.

3. The method of claim 1, where the information comprises measurement information associated with the trusted application.

4. The method of claim 1, where the aggregate of late-launched measurements from the trusted application and at least one other trusted application comprises separate entries in the virtualized platform configuration register separating late-launched measurements from the trusted application from late-launched measurements from the at least one other trusted application, where the separate entries are separated by at least one comma in the virtualized platform configuration register.

5. The method of claim 1, where the virtualized platform configuration register is associated with the trusted application.

6. The method of claim 1, where the aggregate of late-launched measurements from the trusted application and the at least one other trusted application is bound, respectively, to the trusted application and the at least one other trusted application in the platform configuration register.

7. The method of claim 6, where the value of the platform configuration register depends on a late-launched measurement from the aggregate of late-launched measurements of the virtualized platform configuration register that is bound to the trusted application triggering the attestation.

8. The method of claim 1, where the value of the platform configuration register is defined based on an identification associated with the trusted application triggering the attestation.

9. A non-transitory computer readable medium encoded with computer program instructions executable by a processor to perform actions comprising: triggering, with a trusted application of a mobile device from a number of trusted applications, an attestation of the trusted application with a trusted platform module of the mobile device, wherein the number of trusted applications permitted to trigger attestation is restricted to a predefined maximum number; in response to the triggering, defining, by the mobile device, information comprising a value of a dynamic virtualized platform configuration register, where the platform configuration register comprises an aggregate of late-launched measurements from the trusted application and at least one other trusted application, where the aggregate of the measurements from the trusted application and the at least one other trusted application is in a successive order of measurement in the platform configuration register, and where the value of the platform configuration register depends on measurements in the aggregate of measurements of the trusted application triggering the attestation; and using the information comprising the value of the dynamic virtualized platform configuration register to perform the attestation and execute the trusted application.

10. The non-transitory computer readable medium of claim 9, further comprising binding the trusted application to the trusted platform module of the mobile device based on at least the value.

11. The non-transitory computer readable medium of claim 9, where the information comprises measurement information associated with the trusted application.

12. The non-transitory computer readable medium of claim 9, where the aggregate of late-launched measurements from the trusted application and at least one other trusted application comprises separate entries in the virtualized platform configuration register separating late-launched measurements from the trusted application from late-launched measurements from the at least one other trusted application, where the separate entries are separated by at least one comma in the virtualized platform configuration register.

13. The non-transitory computer readable medium of claim 9, where the virtualized platform configuration register is associated with the trusted application.

14. An apparatus comprising: at least one processor; and at least one memory including computer program code, where the at least one memory and the computer program code are configured, with the at least one processor, to cause the apparatus to at least: trigger, with a trusted application of a mobile device from a number of trusted applications, an attestation of the trusted application with a trusted platform module of the mobile device, wherein the number of trusted applications permitted to trigger attestation is restricted to a predefined maximum number; in response to the triggering, define, by the mobile device, information comprising a value of a dynamic virtualized platform configuration register, where the platform configuration register comprises an aggregate of late-launched measurements from the trusted application and at least one other trusted application, where the aggregate of the measurements from the trusted application and the at least one other trusted application is in a successive order of measurement in the platform configuration register, and where the value of the platform configuration register depends on measurements in the aggregate of measurements of the trusted application triggering the attestation; and use the information comprising the value of the dynamic virtualized platform configuration register to perform the attestation and execute the trusted application.

15. The apparatus of claim 14, further comprising binding the trusted application to the trusted platform module of the mobile device based on at least the value.

16. The apparatus of claim 14, where the information comprises measurement information associated with the trusted application.

17. The apparatus of claim 14, where the aggregate of the late-launched measurements from the trusted application and at least one other trusted application comprises separate entries in the virtualized platform configuration register separating late-launched measurements from the trusted application from late-launched measurements from the at least one other trusted application, where the separate entries are separated by at least one comma in the virtualized platform configuration register.

18. The apparatus of claim 14, where the virtualized platform configuration register is associated with the trusted application.

Patent Metadata

Filing Date: Unknown

Publication Date: April 5, 2016

Inventors: Jan-Erik EKBERG
